I have implemented ELK on a single node with basic security (win server 2016).
Elasticsearch, Logstash and Kibana are working fine. Now I want to start shipping some data and setting up dashboards. I have a win 10 machine with auditbeat 7.12.1 configured as follows:
setup.dashboards.enabled
setup.kibana
  host: "<ip address to my ELK:5601"
  username: "kibana_system"
  password: "kibanapwd"
output.logstash
  host: "<ip address of to my ELK:5044"
  username: "logstash_system"
  password: "logstash_system"
I know that windows 10 and ELK can talk to each other bc I am able to ping ELK from win10.
However, when I run the command ".\auditbeat.exe -e" I get the following response:
"No connection could be made because target machine actively refuse it.. Response: . "
Now, I may be confused about a couple of things.
Should I send beats to Logstash or Elasticsearch?
Users kibana_system and logstash_system are default users that I created passwords for with elasticsearch interactive mode. Should I use/create different users?
Maybe one of these (Built-in roles | Elasticsearch Guide [7.9] | Elastic)?
Since I implemented basic security between nodes, do I also need to create certificates for every auditbeat host? Do I also need to update the auditbeat.yml files with configuration for it? (I thought this was only for HTTPS traffic, which I have not set up yet.)